Just another Tech blog from a forgetful mind

IBM MQ: How to copy a TLS/SSL configured keystore from one queue manager to another

Sometimes you got more then one queue manager on a machine. If these queue managers need to be TLS/SSL enabled (and they should always be that) they all need a server certificate, but because they are on the same machine they might all need to have the same certificate. Copying from one setup to another is actually really simple. I’m here going to show how

Premisses
* Two queue managers: MYQM01 and MYQM02
* MYQM01 has a configured and working keystore and stash file
* Keystore file and stash is called key.kdb and key.sth
* We are using the default label name pattern for server certificates: ibmwebspheremq<qmanager name>
* We are using the default keystore location in Linux: /var/mqm/qmgrs/<qmanager name>/ssl/

First we need to copy all the files

cp /var/mqm/qmgrs/MYQM01/ssl/key* /var/mqm/qmgrs/MYQM02/ssl/

Now we need to rename the label of the server certificate in the new location (for this we use the ikeycmd program shipped with installations from MQ 8 and up)